CVE-2011-1002

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Infinite Loop
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
avahiavahi
𝑥
≤ 0.6.28
avahiavahi
0.1
avahiavahi
0.2
avahiavahi
0.3
avahiavahi
0.4
avahiavahi
0.5
avahiavahi
0.5.1
avahiavahi
0.5.2
avahiavahi
0.6.1
avahiavahi
0.6.2
avahiavahi
0.6.3
avahiavahi
0.6.4
avahiavahi
0.6.5
avahiavahi
0.6.6
avahiavahi
0.6.7
avahiavahi
0.6.8
avahiavahi
0.6.9
avahiavahi
0.6.10
avahiavahi
0.6.11
avahiavahi
0.6.12
avahiavahi
0.6.13
avahiavahi
0.6.14
avahiavahi
0.6.15
avahiavahi
0.6.16
avahiavahi
0.6.17
avahiavahi
0.6.18
avahiavahi
0.6.19
avahiavahi
0.6.20
avahiavahi
0.6.21
avahiavahi
0.6.22
avahiavahi
0.6.23
avahiavahi
0.6.24
avahiavahi
0.6.25
avahiavahi
0.6.26
avahiavahi
0.6.27
redhatenterprise_linux
5.0
redhatenterprise_linux
6.0
canonicalubuntu_linux
8.04
canonicalubuntu_linux
9.10
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
debiandebian_linux
5.0
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
avahi
bullseye
0.8-5+deb11u2
fixed
bookworm
0.8-10
fixed
sid
0.8-13
fixed
trixie
0.8-13
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
avahi
maverick
Fixed 0.6.27-2ubuntu3.1
released
lucid
Fixed 0.6.25-1ubuntu6.2
released
karmic
Fixed 0.6.25-1ubuntu5.3
released
hardy
Fixed 0.6.22-2ubuntu4.3
released
dapper
ignored
References